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CLAIMS 



A method for operating a portable authorization device for 



selectively authorizing a host system to use one or more items of protected 
information, comprising the steps of: 

coupling the portable authorization device to the host system; 

receiving a firstutem of authorization information from a first type of 
information authority: 

receiving a secondNitem of authorization information from a second type of 
information authority; and 

selectively authorizing, the host system to use the one or more items of 
protected information based upon the first or second items of authorization 
information. \ 

2. A portable authorization device for selectively authorizing a host 
system to use one or more itemsW protected information, comprising: 
a processing unit; \ 

a storage medium operatively coupled to the processing unit; 

a first interface operative in conjunction with the processing unit and the 
storage medium for receiving a first item of authorization information from a first 
type of information authority; \ 

a second interface operative in conjunction with the processing unit and the 
storage medium for receiving a second iteimof authorization information from a 
second type of information authority; and \ 

a third interface operative in conjunction with the processing unit and the 
storage medium for communicating with the hoVt system to selectively authorize 
the host system to use the one or more items of protected information based upon 
the first or second items of authorization information; 

wherein the portable authorization device is removably couplable to the host 
system through the third interface. \ 
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3. The portable authorization device of claim 2, wherein: 

the first interface comprises a direct information authority interface program; 

the first type oninformation authority comprises a direct information authority 
operatively coupled uirectly to the portable authorization device; 

the second and third interfaces each comprise a same host system interface 
program; and \ 

the second type of imbrmation authority comprises an indirect information 
authority operatively couroled to the portable authorization device through the host 
system. \ 

4. The portable authorization device of claim 3, wherein the indirect 
information authority comprises a computer system coupled to the host system via 
a network. \ 

5. The portable authorization device of claim 3, wherein the indirect 
information authority comprises dam stored on a magnetic storage medium. 

6. The portable authorization device of claim 2 ? further comprising: 
a host authorizer operative in conjunction with the processing unit and the 

third interface for selectively authorizing the host system to use the one or more 
items of protected information based upon the first or second items of 
authorization information. \ 

7. The portable authorization device\pf claim 6, wherein the host 
authorizer is a software program operatively storea in the storage unit. 

8. The portable authorization device of olaim 6, wherein: 

the first and second items of authorization information comprise first and 
second key selectors, respectively; and \ 

the host authorizer in conjunction with the processing unit and the third 
interface operatively generates a key based upon the first W second key selectors 
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and selectively authorizes the host system to use the one or more items of 
protected information based upon the key. 

9. Thev portable authorization device of claim 2, wherein the first 
interface is configured to conduct a challenge-response transaction with the first 
type of information authority. 

10. The portable authorization device of claim 2, wherein the second 
interface is configured to conduct a challenge-response transaction with the 
second type of informationWthority. 

1 1 . The portable authorization device of claim 2, wherein the third 
interface is configured to conduit: a challenge-response transaction with the host 
system. \ 

12. An authorization system for selectively authorizing a host system 
to use one or more items of protected information, comprising: 

an access control mechanism associated with the host system for receiving a 
first item of authorization information fronra first type of information authority 
operatively coupled to the host system and fok forwarding the item of 
authorization information to the portable authoidzation device; and 

a portable authorization device removably couplable to the host system for 
receiving the first item of authorization information from the access control 
mechanism and for selectively authorizing the hostVystem to use the one or more 
items of protected information based upon the first item of authorization 
information. \ 

13. The authorization system of claim 12, wherein: 

the portable authorization device is configured to also Veceive a second item of 
authorization information from a second type of information authority operatively 
coupled to the portable authorization device and, furthermore\ is configured to 
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selectively authorize the host system to use the one or more items of protected 
information based upon the first or second items of authorization information. 

14. A portable authorization device for selectively authorizing a host 
system to use one\pr more items of protected information, comprising: 

a processing unit; 

a storage mediumvoperatively coupled to the processing unit; 

a first interface operative in conjunction with the processing unit and the 
storage medium for receiving a key selector from an information authority; 

a host authorizer operative in conjunction with the processing unit and the 
storage medium for generating a key based upon the key selector; and 

a second interface operative in conjunction with the processing unit and the 
storage medium for communicating with the host system to selectively authorize 
the host system to use the one or more items of protected information based upon 
the key; \ 

wherein the portable authorization device is removably couplable to the host 
system through the second interface. 

15. The portable authorization device of claim 14, wherein: 
the first interface comprises an information authority interface; and 
the second interface comprises a host system interface. 

16. A portable authorization device for selectively authorizing a host 
system to use a plurality of items of protected information, comprising: 

a processing unit; \ 

a storage medium operatively coupled to\the processing unit for storing one or 
more items of blended authorization information, each item of blended 
authorization information being derived from a plurality of items of authorization 
information; \ 

an unblending mechanism operative in conjunction with the processing unit 
and the storage medium for regenerating at least tone of the plurality of items of 
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authorization information from the one or more items of blended authorization 
information; and 

a host system interface operative in conjunction with the processing unit and 
the storage mediiim for communicating with the host system to selectively 
5 authorize the host avstem to use an item of protected information based upon the 

at least one item of authorization information; 

wherein the portable authorization device is removably couplable to the host 
system through the host system interface. 

*:f 10 17. The portable ^authorization device of claim 16, wherein: 

il each item of blended authorization information is derived from the two or 

i j more items of authorization information by performing an arithmetic operation on 

^ the two or more items of authorization information. 

%y \ 

£-15 18. A method for operating, a portable authorization device for 

selectively authorizing a host system toVise one or more items of protected 
0 ; information, comprising the steps of: \ 

p coupling the portable authorization device to the host system; 

receiving a plurality of items of authorization information; 
20 generating one or more items of blended authorization information from the 

plurality of items of authorization information; \ 

storing the one or more items of blended authorization information in a 
storage medium; \ 

retrieving one or more of the items of blended authorization information from 
25 the storage medium; \ 

regenerating at least one of the plurality of items of authorization information 
from the one or more items of blended authorization information; and 

selectively authorizing the host system to use an item of protected information 
based upon the at least one item of authorization information. \ 
30 \ 
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19. ANportable authorization device for selectively authorizing a host 
system to use one or more items of protected information, comprising: 
a processing unit 

a first storage medium operatively coupled to the processing unit for storing 
one or more encoded items of authorization information; 

a second storage rnedikm operatively coupled to the processing unit for 
storing decoding information used to decode the one or more encoded items of 
authorization information, whVrein the second storage medium is accessible by 
the processing unit only if the processing unit receives proper authorization; 

a decoding mechanism operative in conjunction with the processing unit and 
the first and second storage media for decoding at least one of the one or more 
encoded items of authorization information to produce at least one respective item 
of authorization information; and 

an interface operative in conjunction ^ith the processing unit for 
communicating with the host system to selectively authorize the host system to 
use an item of protected information based up^on the at least one item of 
authorization information. 



20. A portable authorization device fok selectively authorizing a host 
20 system to use one or more items of protected information, comprising: 

a processing unit; 

a first storage medium operatively coupled to the processing unit for storing 
one or more encoded items of authorization informatic 

a second storage medium operatively coupled to th^processing unit for 
25 storing a plurality of items of decoding information; 

a decoding mechanism operative in conjunction with toe processing unit and 
the first and second storage media for decoding at least ona of the one or more 
encoded items of authorization information using a selectedWe of the plurality of 
items of decoding information to produce at least one respective item of 
30 authorization information; and 

an interface operative in conjunction with the processing unit for 
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communicating with the host system to selectively authorize the host system to 
use an iterri of protected information based upon the at least one item of 
authorization, information. 

21. ANportable authorization device, comprising: 
a processing unit; 

a storage mediunrsoperatively coupled to the processing unit; 

a first interface operative in conjunction with the processing unit and the 
storage medium for receiving a first item of information from a first information 
authority; and \ 

a second interface operative in conjunction with the processing unit and the 
storage medium for transmitting^ second item of information to a second 
information authority. \ 

22. The portable authorization device of claim 21 , wherein: 

the first item of information comprises an item of authorization information 
for selectively authorizing a host system to use one or more items of protected 
information; \ 

the second item of information is the same as the first item of information; and 
the portable authorization device disables i*r removes the item of authorization 
information from therein upon transmission to tile second information authority. 

23. The portable authorization device of Ylaim 22, wherein the second 
information authority is a second portable authorization device. 

24. A portable authorization device, comprising: 
a processing unit; \ 

a storage medium operatively coupled to the processing unit; 

a message manager operative in conjunction with the processing unit and the 
storage medium for determining whether the portable authorization device is 
authorized to receive an item of authorization information from aA information 
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author hy; and 

an interface operative in conjunction with the processing unit, the storage 
medium ano\the message manager for receiving the item of authorization 
information from the information authority if the portable authorization device is 
authorized to receive the item of authorization information. 

25. A portable authorization device for selectively authorizing a host 
system to use one or mqre items of protected information, comprising: 

a processing unit; \ 

a storage medium operVtively coupled to the processing unit for storing an 
enable field and a counter associated with a set of items of protected information; 
and \ 

an interface operative in conjunction with the processing unit and the storage 
medium for communicating with the host system to selectively authorize the host 
system to use a subset of the set of items of protected information based upon 
values of both the enable field and thk counter. 

26. A portable authorization device for selectively authorizing a host 
system to use one or more items of protected information, comprising: 

a processing unit; \ 

a storage medium operatively coupled to me processing unit; 

a password manager operative in conjunction with the processing unit and the 
storage medium for determining if a predetermined password authorization 
condition is satisfied with respect to the host system and if not, obtaining and 
verifying a password entered by a user; and \ 

an interface operative in conjunction with the processing unit, the storage 
medium and the password manager for communicating with the host system to 
selectively authorize the host system to use the one or more\items of protected 
information only if the predetermined password authorization\condition is 
satisfied. \ 
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27. A^^em for reconstructing a portable authorization device, 
comprising: 

a portable authorization ctevqce that operatively stores one or more items of 
authorization information for selectively authorizing a host system to use one or 
more items of protected information; and 

reconstruction data disposed on the host sys^fein for reconstructing the items of 
authorization information operatively stored in the portable authorization device. 
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